john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

renew script tweaks

Browse Source
This commit is contained in:
John Lancaster
2026-04-04 09:33:08 -05:00
parent 1a7a1189e7
commit 710f13ace4
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/features/mtls.nix
+6 -7
View File
@@ -139,12 +139,11 @@ let
echoCmd = lib.getExe' pkgs.coreutils "echo";
chownCmd = lib.getExe' pkgs.coreutils "chown";
chmodCmd = lib.getExe' pkgs.coreutils "chmod";
systemctl = lib.getExe' pkgs.systemd "systemctl";
escapedArgs = lib.escapeShellArgs systemctlArgs;
systemctlCommand = "${systemctl} ${escapedArgs}";
stepCmd = lib.getExe pkgs.step-cli;
systemctlCmd = "${lib.getExe' pkgs.systemd "systemctl"} ${lib.escapeShellArgs systemctlArgs}";
renewReloadScript = lib.concatMapStringsSep "\n" (unit: ''
if ${systemctlCommand} --quiet is-active "${unit}"; then
${systemctlCommand} try-reload-or-restart "${unit}"
if ${systemctlCmd} --quiet is-active "${unit}"; then
${systemctlCmd} try-reload-or-restart "${unit}"
fi
'') reloadUnits;
renewPostCommands = lib.concatStringsSep "\n" postCommands;
@@ -152,14 +151,14 @@ let
pkgs.writeShellScriptBin "mtls-renew" ''
set -euo pipefail
if ${lib.getExe pkgs.step-cli} certificate needs-renewal "${certFile}"; then
if ${stepCmd} certificate needs-renewal "${certFile}"; then
${echoCmd} "Renewing mTLS certificate"
else
${echoCmd} "Skipping renew"
exit "$?"
fi
${lib.getExe pkgs.step-cli} ca renew --force "${certFile}" "${keyFile}"
${stepCmd} ca renew --force "${certFile}" "${keyFile}"
(umask 077; ${catCmd} "${certFile}" "${keyFile}" > "${bundleFile}")
${chownCmd} ${user}:${group} ${certFile} ${keyFile} ${bundleFile}
${chmodCmd} 640 ${certFile} ${keyFile} ${bundleFile}